concatenate or "xor" keys before hash to create unique id?

I 开发者_运维百科want to create a unique id for a device, so I have decided to create SHA1(mac XOR timestamp XOR user_password). Is there any security problem related with this? Would it be better to do SHA1(mac CONCATENATE timestamp CONCATENATE user_password)?

Thank you

Use concatenation - then you'll be basing your hash on all of the available source data.

If you use XOR then there's a risk that one piece of your source data will "cancel out" some (or all) of the bits of the remaining data before it's even passed to the hash function.

And concatenating rather than XORing won't affect the space required for storage of your hash - the generated SHA1 hash will always be 20 bytes regardless of the size of your source data.